Update base image to new image
Closed this issue · 4 comments
NyakudyaA commented
What is the bug or the crash?
The base image being used to build images https://hub.docker.com/layers/library/tomcat/9.0.73-jdk11-temurin-focal/images/sha256-37084b3c596c352c6be2fadffeda308c2cf951a07b668126acfcbd04902e48f9?context=explore
has a lot of vulnerabilities, We need to update to a newer version. The downside to using a newer version is that JMS clustering currently doesn't work with tomcat:9.0.89-jdk17-temurin-focal. It produces the following error
master-1 | 12 May 11:20:55 ERROR [geoserver.rest] - No such workspace: 'demo' found
master-1 | org.geoserver.rest.ResourceNotFoundException 404 NOT_FOUND: No such workspace: 'demo' found
master-1 | at org.geoserver.rest.catalog.WorkspaceController.workspaceGet(WorkspaceController.java:89)
master-1 | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
master-1 | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
master-1 | at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
master-1 | at java.base/java.lang.reflect.Method.invoke(Method.java:568)
master-1 | at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
master-1 | at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150)
master-1 | at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117)
master-1 | at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:898)
master-1 | at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:809)
master-1 | at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
master-1 | at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1072)
master-1 | at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:965)
master-1 | at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
master-1 | at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
master-1 | at javax.servlet.http.HttpServlet.service(HttpServlet.java:529)
master-1 | at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
master-1 | at javax.servlet.http.HttpServlet.service(HttpServlet.java:623)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:199)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
master-1 | at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
master-1 | at org.apache.catalina.filters.CorsFilter.handleNonCORS(CorsFilter.java:331)
master-1 | at org.apache.catalina.filters.CorsFilter.doFilter(CorsFilter.java:158)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
master-1 | at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:129)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
master-1 | at org.geoserver.filters.ThreadLocalsCleanupFilter.doFilter(ThreadLocalsCleanupFilter.java:28)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
master-1 | at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:73)
master-1 | at org.geoserver.flow.controller.IpBlacklistFilter.doFilter(IpBlacklistFilter.java:89)
master-1 | at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:70)
master-1 | at org.geoserver.ows.HTTPHeadersCollector.doFilter(HTTPHeadersCollector.java:48)
master-1 | at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:70)
master-1 | at org.geoserver.filters.HTTPMethodFilter.doFilter(HTTPMethodFilter.java:36)
master-1 | at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:70)
master-1 | at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:194)
master-1 | at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:70)
master-1 | at org.geoserver.monitor.MonitorFilter.doFilter(MonitorFilter.java:159)
master-1 | at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:70)
master-1 | at org.geoserver.filters.SpringDelegatingFilter.doFilter(SpringDelegatingFilter.java:43)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
master-1 | at org.geoserver.platform.AdvancedDispatchFilter.doFilter(AdvancedDispatchFilter.java:39)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
master-1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:337)
master-1 | at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:71)
master-1 | at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
master-1 | at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81)
master-1 | at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:75)
master-1 | at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
master-1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
master-1 | at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:71)
master-1 | at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122)
master-1 | at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116)
master-1 | at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:75)
master-1 | at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
master-1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
master-1 | at org.geoserver.security.filter.GeoServerAnonymousAuthenticationFilter.doFilter(GeoServerAnonymousAuthenticationFilter.java:53)
master-1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
master-1 | at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:71)
master-1 | at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:196)
master-1 | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
master-1 | at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:75)
master-1 | at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
master-1 | at org.geoserver.security.filter.GeoServerBasicAuthenticationFilter.doFilter(GeoServerBasicAuthenticationFilter.java:81)
master-1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
master-1 | at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:71)
master-1 | at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilterInternal(GeoServerSecurityContextPersistenceFilter.java:72)
master-1 | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
master-1 | at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:75)
master-1 | at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
master-1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
master-1 | at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:221)
master-1 | at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186)
master-1 | at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:141)
master-1 | at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
master-1 | at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
master-1 | at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:100)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
master-1 | at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:48)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
master-1 | at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:49)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
master-1 | at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:42)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
master-1 | at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
master-1 | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168)
master-1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
master-1 | at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)
master-1 | at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
master-1 | at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
master-1 | at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
master-1 | at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
master-1 | at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
master-1 | at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
master-1 | at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:346)
master-1 | at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:388)
master-1 | at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
master-1 | at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928)
master-1 | at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791)
master-1 | at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
master-1 | at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190)
master-1 | at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
master-1 | at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
master-1 | at java.base/java.lang.Thread.run(Thread.java:840)
master-1 | 12 May 11:20:55 INFO [cluster.impl] - Using brokerURI: failover:(tcp://0.0.0.0:61661)
master-1 | 12 May 11:20:55 INFO [geoserver.cluster] - Creating an instance of: class org.geoserver.cluster.impl.handlers.catalog.JMSCatalogModifyEventHandlerSPI
master-1 | 12 May 11:20:55 ERROR [geoserver.cluster] - No converter available
master-1 | ---- Debugging information ----
master-1 | message : No converter available
master-1 | type : java.util.concurrent.locks.ReentrantLock
master-1 | converter : com.thoughtworks.xstream.converters.reflection.ReflectionConverter
master-1 | message[1] : Unable to make field private static final long java.util.concurrent.locks.ReentrantLock.serialVersionUID accessible: module java.base does not "opens java.util.concurrent.locks" to unnamed module @42c03f3d
Steps to reproduce the issue
Versions
2.25.0
Additional context
Since we tag the releases with 2.25.0 i.e I think we need to do the following
- Upgrade base image
- Write a report upstream explaining the issue with JMS and hope a fix comes in
- Disable the clustering test until it is fixed.
- Merge the PR when 2.25.1 is available so that we do not break existing installations
@m4ci3k2 @krishnaglodha @tharanathkartoza what are your views here
tharanathkartoza commented
@NyakudyaA the version 2.25.1 seems out now. Can we test this again?
NyakudyaA commented
@tharanathkartoza Let's wait for the feedback from #659, if he hasn't responded by COB tomorrow. I can tag a new release
NyakudyaA commented
This one seems to pass tests
NyakudyaA commented
Security tab now shows fewer security vulnerabilities